2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 1987, 1991, 1993
5 * The Regents of the University of California.
6 * Copyright (c) 2005-2009 Robert N. M. Watson
7 * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net> (mallocarray)
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#)kern_malloc.c 8.3 (Berkeley) 1/4/94
38 * Kernel malloc(9) implementation -- general purpose kernel memory allocator
39 * based on memory types. Back end is implemented using the UMA(9) zone
40 * allocator. A set of fixed-size buckets are used for smaller allocations,
41 * and a special UMA allocation interface is used for larger allocations.
42 * Callers declare memory types, and statistics are maintained independently
43 * for each memory type. Statistics are maintained per-CPU for performance
44 * reasons. See malloc(9) and comments in malloc.h for a detailed
48 #include <sys/cdefs.h>
49 __FBSDID("$FreeBSD$");
54 #include <sys/param.h>
55 #include <sys/systm.h>
57 #include <sys/kernel.h>
59 #include <sys/malloc.h>
60 #include <sys/mutex.h>
61 #include <sys/vmmeter.h>
64 #include <sys/sysctl.h>
70 #include <vm/vm_pageout.h>
71 #include <vm/vm_param.h>
72 #include <vm/vm_kern.h>
73 #include <vm/vm_extern.h>
74 #include <vm/vm_map.h>
75 #include <vm/vm_page.h>
77 #include <vm/uma_int.h>
78 #include <vm/uma_dbg.h>
81 #include <vm/memguard.h>
84 #include <vm/redzone.h>
87 #if defined(INVARIANTS) && defined(__i386__)
88 #include <machine/cpu.h>
94 #include <sys/dtrace_bsd.h>
96 dtrace_malloc_probe_func_t dtrace_malloc_probe;
99 extern void uma_startup2(void);
101 #if defined(INVARIANTS) || defined(MALLOC_MAKE_FAILURES) || \
102 defined(DEBUG_MEMGUARD) || defined(DEBUG_REDZONE)
103 #define MALLOC_DEBUG 1
107 * When realloc() is called, if the new size is sufficiently smaller than
108 * the old size, realloc() will allocate a new, smaller block to avoid
109 * wasting memory. 'Sufficiently smaller' is defined as: newsize <=
110 * oldsize / 2^n, where REALLOC_FRACTION defines the value of 'n'.
112 #ifndef REALLOC_FRACTION
113 #define REALLOC_FRACTION 1 /* new block if <= half the size */
117 * Centrally define some common malloc types.
119 MALLOC_DEFINE(M_CACHE, "cache", "Various Dynamically allocated caches");
120 MALLOC_DEFINE(M_DEVBUF, "devbuf", "device driver memory");
121 MALLOC_DEFINE(M_TEMP, "temp", "misc temporary data buffers");
123 static struct malloc_type *kmemstatistics;
124 static int kmemcount;
126 #define KMEM_ZSHIFT 4
127 #define KMEM_ZBASE 16
128 #define KMEM_ZMASK (KMEM_ZBASE - 1)
130 #define KMEM_ZMAX 65536
131 #define KMEM_ZSIZE (KMEM_ZMAX >> KMEM_ZSHIFT)
132 static uint8_t kmemsize[KMEM_ZSIZE + 1];
134 #ifndef MALLOC_DEBUG_MAXZONES
135 #define MALLOC_DEBUG_MAXZONES 1
137 static int numzones = MALLOC_DEBUG_MAXZONES;
140 * Small malloc(9) memory allocations are allocated from a set of UMA buckets
143 * XXX: The comment here used to read "These won't be powers of two for
144 * long." It's possible that a significant amount of wasted memory could be
145 * recovered by tuning the sizes of these buckets.
150 uma_zone_t kz_zone[MALLOC_DEBUG_MAXZONES];
169 * Zone to allocate malloc type descriptions from. For ABI reasons, memory
170 * types are described by a data structure passed by the declaring code, but
171 * the malloc(9) implementation has its own data structure describing the
172 * type and statistics. This permits the malloc(9)-internal data structures
173 * to be modified without breaking binary-compiled kernel modules that
174 * declare malloc types.
176 static uma_zone_t mt_zone;
179 SYSCTL_ULONG(_vm, OID_AUTO, kmem_size, CTLFLAG_RDTUN, &vm_kmem_size, 0,
180 "Size of kernel memory");
182 static u_long kmem_zmax = KMEM_ZMAX;
183 SYSCTL_ULONG(_vm, OID_AUTO, kmem_zmax, CTLFLAG_RDTUN, &kmem_zmax, 0,
184 "Maximum allocation size that malloc(9) would use UMA as backend");
186 static u_long vm_kmem_size_min;
187 SYSCTL_ULONG(_vm, OID_AUTO, kmem_size_min, CTLFLAG_RDTUN, &vm_kmem_size_min, 0,
188 "Minimum size of kernel memory");
190 static u_long vm_kmem_size_max;
191 SYSCTL_ULONG(_vm, OID_AUTO, kmem_size_max, CTLFLAG_RDTUN, &vm_kmem_size_max, 0,
192 "Maximum size of kernel memory");
194 static u_int vm_kmem_size_scale;
195 SYSCTL_UINT(_vm, OID_AUTO, kmem_size_scale, CTLFLAG_RDTUN, &vm_kmem_size_scale, 0,
196 "Scale factor for kernel memory size");
198 static int sysctl_kmem_map_size(SYSCTL_HANDLER_ARGS);
199 SYSCTL_PROC(_vm, OID_AUTO, kmem_map_size,
200 CTLFLAG_RD | CTLTYPE_ULONG | CTLFLAG_MPSAFE, NULL, 0,
201 sysctl_kmem_map_size, "LU", "Current kmem allocation size");
203 static int sysctl_kmem_map_free(SYSCTL_HANDLER_ARGS);
204 SYSCTL_PROC(_vm, OID_AUTO, kmem_map_free,
205 CTLFLAG_RD | CTLTYPE_ULONG | CTLFLAG_MPSAFE, NULL, 0,
206 sysctl_kmem_map_free, "LU", "Free space in kmem");
209 * The malloc_mtx protects the kmemstatistics linked list.
211 struct mtx malloc_mtx;
213 #ifdef MALLOC_PROFILE
214 uint64_t krequests[KMEM_ZSIZE + 1];
216 static int sysctl_kern_mprof(SYSCTL_HANDLER_ARGS);
219 static int sysctl_kern_malloc_stats(SYSCTL_HANDLER_ARGS);
222 * time_uptime of the last malloc(9) failure (induced or real).
224 static time_t t_malloc_fail;
226 #if defined(MALLOC_MAKE_FAILURES) || (MALLOC_DEBUG_MAXZONES > 1)
227 static SYSCTL_NODE(_debug, OID_AUTO, malloc, CTLFLAG_RD, 0,
228 "Kernel malloc debugging options");
232 * malloc(9) fault injection -- cause malloc failures every (n) mallocs when
233 * the caller specifies M_NOWAIT. If set to 0, no failures are caused.
235 #ifdef MALLOC_MAKE_FAILURES
236 static int malloc_failure_rate;
237 static int malloc_nowait_count;
238 static int malloc_failure_count;
239 SYSCTL_INT(_debug_malloc, OID_AUTO, failure_rate, CTLFLAG_RWTUN,
240 &malloc_failure_rate, 0, "Every (n) mallocs with M_NOWAIT will fail");
241 SYSCTL_INT(_debug_malloc, OID_AUTO, failure_count, CTLFLAG_RD,
242 &malloc_failure_count, 0, "Number of imposed M_NOWAIT malloc failures");
246 sysctl_kmem_map_size(SYSCTL_HANDLER_ARGS)
251 return (sysctl_handle_long(oidp, &size, 0, req));
255 sysctl_kmem_map_free(SYSCTL_HANDLER_ARGS)
259 /* The sysctl is unsigned, implement as a saturation value. */
266 return (sysctl_handle_long(oidp, &size, 0, req));
270 * malloc(9) uma zone separation -- sub-page buffer overruns in one
271 * malloc type will affect only a subset of other malloc types.
273 #if MALLOC_DEBUG_MAXZONES > 1
275 tunable_set_numzones(void)
278 TUNABLE_INT_FETCH("debug.malloc.numzones",
281 /* Sanity check the number of malloc uma zones. */
284 if (numzones > MALLOC_DEBUG_MAXZONES)
285 numzones = MALLOC_DEBUG_MAXZONES;
287 SYSINIT(numzones, SI_SUB_TUNABLES, SI_ORDER_ANY, tunable_set_numzones, NULL);
288 SYSCTL_INT(_debug_malloc, OID_AUTO, numzones, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
289 &numzones, 0, "Number of malloc uma subzones");
292 * Any number that changes regularly is an okay choice for the
293 * offset. Build numbers are pretty good of you have them.
295 static u_int zone_offset = __FreeBSD_version;
296 TUNABLE_INT("debug.malloc.zone_offset", &zone_offset);
297 SYSCTL_UINT(_debug_malloc, OID_AUTO, zone_offset, CTLFLAG_RDTUN,
298 &zone_offset, 0, "Separate malloc types by examining the "
299 "Nth character in the malloc type short description.");
302 mtp_get_subzone(const char *desc)
307 if (desc == NULL || (len = strlen(desc)) == 0)
309 val = desc[zone_offset % len];
310 return (val % numzones);
312 #elif MALLOC_DEBUG_MAXZONES == 0
313 #error "MALLOC_DEBUG_MAXZONES must be positive."
316 mtp_get_subzone(const char *desc)
321 #endif /* MALLOC_DEBUG_MAXZONES > 1 */
324 malloc_last_fail(void)
327 return (time_uptime - t_malloc_fail);
331 * An allocation has succeeded -- update malloc type statistics for the
332 * amount of bucket size. Occurs within a critical section so that the
333 * thread isn't preempted and doesn't migrate while updating per-PCU
337 malloc_type_zone_allocated(struct malloc_type *mtp, unsigned long size,
340 struct malloc_type_internal *mtip;
341 struct malloc_type_stats *mtsp;
344 mtip = mtp->ks_handle;
345 mtsp = &mtip->mti_stats[curcpu];
347 mtsp->mts_memalloced += size;
348 mtsp->mts_numallocs++;
351 mtsp->mts_size |= 1 << zindx;
354 if (dtrace_malloc_probe != NULL) {
355 uint32_t probe_id = mtip->mti_probes[DTMALLOC_PROBE_MALLOC];
357 (dtrace_malloc_probe)(probe_id,
358 (uintptr_t) mtp, (uintptr_t) mtip,
359 (uintptr_t) mtsp, size, zindx);
367 malloc_type_allocated(struct malloc_type *mtp, unsigned long size)
371 malloc_type_zone_allocated(mtp, size, -1);
375 * A free operation has occurred -- update malloc type statistics for the
376 * amount of the bucket size. Occurs within a critical section so that the
377 * thread isn't preempted and doesn't migrate while updating per-CPU
381 malloc_type_freed(struct malloc_type *mtp, unsigned long size)
383 struct malloc_type_internal *mtip;
384 struct malloc_type_stats *mtsp;
387 mtip = mtp->ks_handle;
388 mtsp = &mtip->mti_stats[curcpu];
389 mtsp->mts_memfreed += size;
390 mtsp->mts_numfrees++;
393 if (dtrace_malloc_probe != NULL) {
394 uint32_t probe_id = mtip->mti_probes[DTMALLOC_PROBE_FREE];
396 (dtrace_malloc_probe)(probe_id,
397 (uintptr_t) mtp, (uintptr_t) mtip,
398 (uintptr_t) mtsp, size, 0);
408 * Allocate a block of physically contiguous memory.
410 * If M_NOWAIT is set, this routine will not block and return NULL if
411 * the allocation fails.
414 contigmalloc(unsigned long size, struct malloc_type *type, int flags,
415 vm_paddr_t low, vm_paddr_t high, unsigned long alignment,
420 ret = (void *)kmem_alloc_contig(kernel_arena, size, flags, low, high,
421 alignment, boundary, VM_MEMATTR_DEFAULT);
423 malloc_type_allocated(type, round_page(size));
428 contigmalloc_domain(unsigned long size, struct malloc_type *type,
429 int domain, int flags, vm_paddr_t low, vm_paddr_t high,
430 unsigned long alignment, vm_paddr_t boundary)
434 ret = (void *)kmem_alloc_contig_domain(domain, size, flags, low, high,
435 alignment, boundary, VM_MEMATTR_DEFAULT);
437 malloc_type_allocated(type, round_page(size));
444 * Free a block of memory allocated by contigmalloc.
446 * This routine may not block.
449 contigfree(void *addr, unsigned long size, struct malloc_type *type)
452 kmem_free(kernel_arena, (vm_offset_t)addr, size);
453 malloc_type_freed(type, round_page(size));
458 malloc_dbg(caddr_t *vap, size_t *sizep, struct malloc_type *mtp,
464 KASSERT(mtp->ks_magic == M_MAGIC, ("malloc: bad malloc type magic"));
466 * Check that exactly one of M_WAITOK or M_NOWAIT is specified.
468 indx = flags & (M_WAITOK | M_NOWAIT);
469 if (indx != M_NOWAIT && indx != M_WAITOK) {
470 static struct timeval lasterr;
471 static int curerr, once;
472 if (once == 0 && ppsratecheck(&lasterr, &curerr, 1)) {
473 printf("Bad malloc flags: %x\n", indx);
480 #ifdef MALLOC_MAKE_FAILURES
481 if ((flags & M_NOWAIT) && (malloc_failure_rate != 0)) {
482 atomic_add_int(&malloc_nowait_count, 1);
483 if ((malloc_nowait_count % malloc_failure_rate) == 0) {
484 atomic_add_int(&malloc_failure_count, 1);
485 t_malloc_fail = time_uptime;
487 return (EJUSTRETURN);
491 if (flags & M_WAITOK)
492 KASSERT(curthread->td_intr_nesting_level == 0,
493 ("malloc(M_WAITOK) in interrupt context"));
494 KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
495 ("malloc: called with spinlock or critical section held"));
497 #ifdef DEBUG_MEMGUARD
498 if (memguard_cmp_mtp(mtp, *sizep)) {
499 *vap = memguard_alloc(*sizep, flags);
501 return (EJUSTRETURN);
502 /* This is unfortunate but should not be fatal. */
507 *sizep = redzone_size_ntor(*sizep);
517 * Allocate a block of memory.
519 * If M_NOWAIT is set, this routine will not block and return NULL if
520 * the allocation fails.
523 malloc(size_t size, struct malloc_type *mtp, int flags)
526 struct malloc_type_internal *mtip;
529 #if defined(DEBUG_REDZONE)
530 unsigned long osize = size;
534 if (malloc_dbg(&va, &size, mtp, flags) != 0)
538 if (size <= kmem_zmax) {
539 mtip = mtp->ks_handle;
540 if (size & KMEM_ZMASK)
541 size = (size & ~KMEM_ZMASK) + KMEM_ZBASE;
542 indx = kmemsize[size >> KMEM_ZSHIFT];
543 KASSERT(mtip->mti_zone < numzones,
544 ("mti_zone %u out of range %d",
545 mtip->mti_zone, numzones));
546 zone = kmemzones[indx].kz_zone[mtip->mti_zone];
547 #ifdef MALLOC_PROFILE
548 krequests[size >> KMEM_ZSHIFT]++;
550 va = uma_zalloc(zone, flags);
552 size = zone->uz_size;
553 malloc_type_zone_allocated(mtp, va == NULL ? 0 : size, indx);
555 size = roundup(size, PAGE_SIZE);
557 va = uma_large_malloc(size, flags);
558 malloc_type_allocated(mtp, va == NULL ? 0 : size);
560 if (flags & M_WAITOK)
561 KASSERT(va != NULL, ("malloc(M_WAITOK) returned NULL"));
563 t_malloc_fail = time_uptime;
566 va = redzone_setup(va, osize);
568 return ((void *) va);
572 malloc_domain(size_t size, struct malloc_type *mtp, int domain,
576 struct malloc_type_internal *mtip;
579 #if defined(DEBUG_REDZONE)
580 unsigned long osize = size;
584 if (malloc_dbg(&va, &size, mtp, flags) != 0)
587 if (size <= kmem_zmax) {
588 mtip = mtp->ks_handle;
589 if (size & KMEM_ZMASK)
590 size = (size & ~KMEM_ZMASK) + KMEM_ZBASE;
591 indx = kmemsize[size >> KMEM_ZSHIFT];
592 KASSERT(mtip->mti_zone < numzones,
593 ("mti_zone %u out of range %d",
594 mtip->mti_zone, numzones));
595 zone = kmemzones[indx].kz_zone[mtip->mti_zone];
596 #ifdef MALLOC_PROFILE
597 krequests[size >> KMEM_ZSHIFT]++;
599 va = uma_zalloc_domain(zone, NULL, domain, flags);
601 size = zone->uz_size;
602 malloc_type_zone_allocated(mtp, va == NULL ? 0 : size, indx);
604 size = roundup(size, PAGE_SIZE);
606 va = uma_large_malloc_domain(size, domain, flags);
607 malloc_type_allocated(mtp, va == NULL ? 0 : size);
609 if (flags & M_WAITOK)
610 KASSERT(va != NULL, ("malloc(M_WAITOK) returned NULL"));
612 t_malloc_fail = time_uptime;
615 va = redzone_setup(va, osize);
617 return ((void *) va);
621 mallocarray(size_t nmemb, size_t size, struct malloc_type *type, int flags)
624 if (WOULD_OVERFLOW(nmemb, size))
625 panic("mallocarray: %zu * %zu overflowed", nmemb, size);
627 return (malloc(size * nmemb, type, flags));
632 free_save_type(void *addr, struct malloc_type *mtp, u_long size)
634 struct malloc_type **mtpp = addr;
637 * Cache a pointer to the malloc_type that most recently freed
638 * this memory here. This way we know who is most likely to
639 * have stepped on it later.
641 * This code assumes that size is a multiple of 8 bytes for
644 mtpp = (struct malloc_type **) ((unsigned long)mtpp & ~UMA_ALIGN_PTR);
645 mtpp += (size - sizeof(struct malloc_type *)) /
646 sizeof(struct malloc_type *);
653 free_dbg(void **addrp, struct malloc_type *mtp)
658 KASSERT(mtp->ks_magic == M_MAGIC, ("free: bad malloc type magic"));
659 KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
660 ("free: called with spinlock or critical section held"));
662 /* free(NULL, ...) does nothing */
664 return (EJUSTRETURN);
666 #ifdef DEBUG_MEMGUARD
667 if (is_memguard_addr(addr)) {
669 return (EJUSTRETURN);
675 *addrp = redzone_addr_ntor(addr);
685 * Free a block of memory allocated by malloc.
687 * This routine may not block.
690 free(void *addr, struct malloc_type *mtp)
696 if (free_dbg(&addr, mtp) != 0)
699 /* free(NULL, ...) does nothing */
703 slab = vtoslab((vm_offset_t)addr & (~UMA_SLAB_MASK));
705 panic("free: address %p(%p) has not been allocated.\n",
706 addr, (void *)((u_long)addr & (~UMA_SLAB_MASK)));
708 if (!(slab->us_flags & UMA_SLAB_MALLOC)) {
709 size = slab->us_keg->uk_size;
711 free_save_type(addr, mtp, size);
713 uma_zfree_arg(LIST_FIRST(&slab->us_keg->uk_zones), addr, slab);
715 size = slab->us_size;
716 uma_large_free(slab);
718 malloc_type_freed(mtp, size);
722 free_domain(void *addr, struct malloc_type *mtp)
728 if (free_dbg(&addr, mtp) != 0)
732 /* free(NULL, ...) does nothing */
736 slab = vtoslab((vm_offset_t)addr & (~UMA_SLAB_MASK));
738 panic("free_domain: address %p(%p) has not been allocated.\n",
739 addr, (void *)((u_long)addr & (~UMA_SLAB_MASK)));
741 if (!(slab->us_flags & UMA_SLAB_MALLOC)) {
742 size = slab->us_keg->uk_size;
744 free_save_type(addr, mtp, size);
746 uma_zfree_domain(LIST_FIRST(&slab->us_keg->uk_zones),
749 size = slab->us_size;
750 uma_large_free(slab);
752 malloc_type_freed(mtp, size);
756 * realloc: change the size of a memory block
759 realloc(void *addr, size_t size, struct malloc_type *mtp, int flags)
765 KASSERT(mtp->ks_magic == M_MAGIC,
766 ("realloc: bad malloc type magic"));
767 KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
768 ("realloc: called with spinlock or critical section held"));
770 /* realloc(NULL, ...) is equivalent to malloc(...) */
772 return (malloc(size, mtp, flags));
775 * XXX: Should report free of old memory and alloc of new memory to
779 #ifdef DEBUG_MEMGUARD
780 if (is_memguard_addr(addr))
781 return (memguard_realloc(addr, size, mtp, flags));
786 alloc = redzone_get_size(addr);
788 slab = vtoslab((vm_offset_t)addr & ~(UMA_SLAB_MASK));
791 KASSERT(slab != NULL,
792 ("realloc: address %p out of range", (void *)addr));
794 /* Get the size of the original block */
795 if (!(slab->us_flags & UMA_SLAB_MALLOC))
796 alloc = slab->us_keg->uk_size;
798 alloc = slab->us_size;
800 /* Reuse the original block if appropriate */
802 && (size > (alloc >> REALLOC_FRACTION) || alloc == MINALLOCSIZE))
804 #endif /* !DEBUG_REDZONE */
806 /* Allocate a new, bigger (or smaller) block */
807 if ((newaddr = malloc(size, mtp, flags)) == NULL)
810 /* Copy over original contents */
811 bcopy(addr, newaddr, min(size, alloc));
817 * reallocf: same as realloc() but free memory on failure.
820 reallocf(void *addr, size_t size, struct malloc_type *mtp, int flags)
824 if ((mem = realloc(addr, size, mtp, flags)) == NULL)
830 CTASSERT(VM_KMEM_SIZE_SCALE >= 1);
834 * Initialize the kernel memory (kmem) arena.
843 if (vm_kmem_size == 0)
844 vm_kmem_size = VM_KMEM_SIZE;
846 #ifdef VM_KMEM_SIZE_MIN
847 if (vm_kmem_size_min == 0)
848 vm_kmem_size_min = VM_KMEM_SIZE_MIN;
850 #ifdef VM_KMEM_SIZE_MAX
851 if (vm_kmem_size_max == 0)
852 vm_kmem_size_max = VM_KMEM_SIZE_MAX;
855 * Calculate the amount of kernel virtual address (KVA) space that is
856 * preallocated to the kmem arena. In order to support a wide range
857 * of machines, it is a function of the physical memory size,
860 * min(max(physical memory size / VM_KMEM_SIZE_SCALE,
861 * VM_KMEM_SIZE_MIN), VM_KMEM_SIZE_MAX)
863 * Every architecture must define an integral value for
864 * VM_KMEM_SIZE_SCALE. However, the definitions of VM_KMEM_SIZE_MIN
865 * and VM_KMEM_SIZE_MAX, which represent respectively the floor and
866 * ceiling on this preallocation, are optional. Typically,
867 * VM_KMEM_SIZE_MAX is itself a function of the available KVA space on
868 * a given architecture.
870 mem_size = vm_cnt.v_page_count;
871 if (mem_size <= 32768) /* delphij XXX 128MB */
872 kmem_zmax = PAGE_SIZE;
874 if (vm_kmem_size_scale < 1)
875 vm_kmem_size_scale = VM_KMEM_SIZE_SCALE;
878 * Check if we should use defaults for the "vm_kmem_size"
881 if (vm_kmem_size == 0) {
882 vm_kmem_size = (mem_size / vm_kmem_size_scale) * PAGE_SIZE;
884 if (vm_kmem_size_min > 0 && vm_kmem_size < vm_kmem_size_min)
885 vm_kmem_size = vm_kmem_size_min;
886 if (vm_kmem_size_max > 0 && vm_kmem_size >= vm_kmem_size_max)
887 vm_kmem_size = vm_kmem_size_max;
891 * The amount of KVA space that is preallocated to the
892 * kmem arena can be set statically at compile-time or manually
893 * through the kernel environment. However, it is still limited to
894 * twice the physical memory size, which has been sufficient to handle
895 * the most severe cases of external fragmentation in the kmem arena.
897 if (vm_kmem_size / 2 / PAGE_SIZE > mem_size)
898 vm_kmem_size = 2 * mem_size * PAGE_SIZE;
900 vm_kmem_size = round_page(vm_kmem_size);
901 #ifdef DEBUG_MEMGUARD
902 tmp = memguard_fudge(vm_kmem_size, kernel_map);
908 #ifdef DEBUG_MEMGUARD
910 * Initialize MemGuard if support compiled in. MemGuard is a
911 * replacement allocator used for detecting tamper-after-free
912 * scenarios as they occur. It is only used for debugging.
914 memguard_init(kernel_arena);
919 * Initialize the kernel memory allocator
923 mallocinit(void *dummy)
928 mtx_init(&malloc_mtx, "malloc", NULL, MTX_DEF);
934 if (kmem_zmax < PAGE_SIZE || kmem_zmax > KMEM_ZMAX)
935 kmem_zmax = KMEM_ZMAX;
937 mt_zone = uma_zcreate("mt_zone", sizeof(struct malloc_type_internal),
939 mtrash_ctor, mtrash_dtor, mtrash_init, mtrash_fini,
941 NULL, NULL, NULL, NULL,
943 UMA_ALIGN_PTR, UMA_ZONE_MALLOC);
944 for (i = 0, indx = 0; kmemzones[indx].kz_size != 0; indx++) {
945 int size = kmemzones[indx].kz_size;
946 char *name = kmemzones[indx].kz_name;
949 for (subzone = 0; subzone < numzones; subzone++) {
950 kmemzones[indx].kz_zone[subzone] =
951 uma_zcreate(name, size,
953 mtrash_ctor, mtrash_dtor, mtrash_init, mtrash_fini,
955 NULL, NULL, NULL, NULL,
957 UMA_ALIGN_PTR, UMA_ZONE_MALLOC);
959 for (;i <= size; i+= KMEM_ZBASE)
960 kmemsize[i >> KMEM_ZSHIFT] = indx;
964 SYSINIT(kmem, SI_SUB_KMEM, SI_ORDER_SECOND, mallocinit, NULL);
967 malloc_init(void *data)
969 struct malloc_type_internal *mtip;
970 struct malloc_type *mtp;
972 KASSERT(vm_cnt.v_page_count != 0, ("malloc_register before vm_init"));
975 if (mtp->ks_magic != M_MAGIC)
976 panic("malloc_init: bad malloc type magic");
978 mtip = uma_zalloc(mt_zone, M_WAITOK | M_ZERO);
979 mtp->ks_handle = mtip;
980 mtip->mti_zone = mtp_get_subzone(mtp->ks_shortdesc);
982 mtx_lock(&malloc_mtx);
983 mtp->ks_next = kmemstatistics;
984 kmemstatistics = mtp;
986 mtx_unlock(&malloc_mtx);
990 malloc_uninit(void *data)
992 struct malloc_type_internal *mtip;
993 struct malloc_type_stats *mtsp;
994 struct malloc_type *mtp, *temp;
996 long temp_allocs, temp_bytes;
1000 KASSERT(mtp->ks_magic == M_MAGIC,
1001 ("malloc_uninit: bad malloc type magic"));
1002 KASSERT(mtp->ks_handle != NULL, ("malloc_deregister: cookie NULL"));
1004 mtx_lock(&malloc_mtx);
1005 mtip = mtp->ks_handle;
1006 mtp->ks_handle = NULL;
1007 if (mtp != kmemstatistics) {
1008 for (temp = kmemstatistics; temp != NULL;
1009 temp = temp->ks_next) {
1010 if (temp->ks_next == mtp) {
1011 temp->ks_next = mtp->ks_next;
1016 ("malloc_uninit: type '%s' not found", mtp->ks_shortdesc));
1018 kmemstatistics = mtp->ks_next;
1020 mtx_unlock(&malloc_mtx);
1023 * Look for memory leaks.
1025 temp_allocs = temp_bytes = 0;
1026 for (i = 0; i < MAXCPU; i++) {
1027 mtsp = &mtip->mti_stats[i];
1028 temp_allocs += mtsp->mts_numallocs;
1029 temp_allocs -= mtsp->mts_numfrees;
1030 temp_bytes += mtsp->mts_memalloced;
1031 temp_bytes -= mtsp->mts_memfreed;
1033 if (temp_allocs > 0 || temp_bytes > 0) {
1034 printf("Warning: memory type %s leaked memory on destroy "
1035 "(%ld allocations, %ld bytes leaked).\n", mtp->ks_shortdesc,
1036 temp_allocs, temp_bytes);
1039 slab = vtoslab((vm_offset_t) mtip & (~UMA_SLAB_MASK));
1040 uma_zfree_arg(mt_zone, mtip, slab);
1043 struct malloc_type *
1044 malloc_desc2type(const char *desc)
1046 struct malloc_type *mtp;
1048 mtx_assert(&malloc_mtx, MA_OWNED);
1049 for (mtp = kmemstatistics; mtp != NULL; mtp = mtp->ks_next) {
1050 if (strcmp(mtp->ks_shortdesc, desc) == 0)
1057 sysctl_kern_malloc_stats(SYSCTL_HANDLER_ARGS)
1059 struct malloc_type_stream_header mtsh;
1060 struct malloc_type_internal *mtip;
1061 struct malloc_type_header mth;
1062 struct malloc_type *mtp;
1066 error = sysctl_wire_old_buffer(req, 0);
1069 sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
1070 sbuf_clear_flags(&sbuf, SBUF_INCLUDENUL);
1071 mtx_lock(&malloc_mtx);
1074 * Insert stream header.
1076 bzero(&mtsh, sizeof(mtsh));
1077 mtsh.mtsh_version = MALLOC_TYPE_STREAM_VERSION;
1078 mtsh.mtsh_maxcpus = MAXCPU;
1079 mtsh.mtsh_count = kmemcount;
1080 (void)sbuf_bcat(&sbuf, &mtsh, sizeof(mtsh));
1083 * Insert alternating sequence of type headers and type statistics.
1085 for (mtp = kmemstatistics; mtp != NULL; mtp = mtp->ks_next) {
1086 mtip = (struct malloc_type_internal *)mtp->ks_handle;
1089 * Insert type header.
1091 bzero(&mth, sizeof(mth));
1092 strlcpy(mth.mth_name, mtp->ks_shortdesc, MALLOC_MAX_NAME);
1093 (void)sbuf_bcat(&sbuf, &mth, sizeof(mth));
1096 * Insert type statistics for each CPU.
1098 for (i = 0; i < MAXCPU; i++) {
1099 (void)sbuf_bcat(&sbuf, &mtip->mti_stats[i],
1100 sizeof(mtip->mti_stats[i]));
1103 mtx_unlock(&malloc_mtx);
1104 error = sbuf_finish(&sbuf);
1109 SYSCTL_PROC(_kern, OID_AUTO, malloc_stats, CTLFLAG_RD|CTLTYPE_STRUCT,
1110 0, 0, sysctl_kern_malloc_stats, "s,malloc_type_ustats",
1111 "Return malloc types");
1113 SYSCTL_INT(_kern, OID_AUTO, malloc_count, CTLFLAG_RD, &kmemcount, 0,
1114 "Count of kernel malloc types");
1117 malloc_type_list(malloc_type_list_func_t *func, void *arg)
1119 struct malloc_type *mtp, **bufmtp;
1123 mtx_lock(&malloc_mtx);
1125 mtx_assert(&malloc_mtx, MA_OWNED);
1127 mtx_unlock(&malloc_mtx);
1129 buflen = sizeof(struct malloc_type *) * count;
1130 bufmtp = malloc(buflen, M_TEMP, M_WAITOK);
1132 mtx_lock(&malloc_mtx);
1134 if (count < kmemcount) {
1135 free(bufmtp, M_TEMP);
1139 for (mtp = kmemstatistics, i = 0; mtp != NULL; mtp = mtp->ks_next, i++)
1142 mtx_unlock(&malloc_mtx);
1144 for (i = 0; i < count; i++)
1145 (func)(bufmtp[i], arg);
1147 free(bufmtp, M_TEMP);
1151 DB_SHOW_COMMAND(malloc, db_show_malloc)
1153 struct malloc_type_internal *mtip;
1154 struct malloc_type *mtp;
1155 uint64_t allocs, frees;
1156 uint64_t alloced, freed;
1159 db_printf("%18s %12s %12s %12s\n", "Type", "InUse", "MemUse",
1161 for (mtp = kmemstatistics; mtp != NULL; mtp = mtp->ks_next) {
1162 mtip = (struct malloc_type_internal *)mtp->ks_handle;
1167 for (i = 0; i < MAXCPU; i++) {
1168 allocs += mtip->mti_stats[i].mts_numallocs;
1169 frees += mtip->mti_stats[i].mts_numfrees;
1170 alloced += mtip->mti_stats[i].mts_memalloced;
1171 freed += mtip->mti_stats[i].mts_memfreed;
1173 db_printf("%18s %12ju %12juK %12ju\n",
1174 mtp->ks_shortdesc, allocs - frees,
1175 (alloced - freed + 1023) / 1024, allocs);
1181 #if MALLOC_DEBUG_MAXZONES > 1
1182 DB_SHOW_COMMAND(multizone_matches, db_show_multizone_matches)
1184 struct malloc_type_internal *mtip;
1185 struct malloc_type *mtp;
1189 db_printf("Usage: show multizone_matches <malloc type/addr>\n");
1193 if (mtp->ks_magic != M_MAGIC) {
1194 db_printf("Magic %lx does not match expected %x\n",
1195 mtp->ks_magic, M_MAGIC);
1199 mtip = mtp->ks_handle;
1200 subzone = mtip->mti_zone;
1202 for (mtp = kmemstatistics; mtp != NULL; mtp = mtp->ks_next) {
1203 mtip = mtp->ks_handle;
1204 if (mtip->mti_zone != subzone)
1206 db_printf("%s\n", mtp->ks_shortdesc);
1211 #endif /* MALLOC_DEBUG_MAXZONES > 1 */
1214 #ifdef MALLOC_PROFILE
1217 sysctl_kern_mprof(SYSCTL_HANDLER_ARGS)
1231 error = sysctl_wire_old_buffer(req, 0);
1234 sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
1236 "\n Size Requests Real Size\n");
1237 for (i = 0; i < KMEM_ZSIZE; i++) {
1238 size = i << KMEM_ZSHIFT;
1239 rsize = kmemzones[kmemsize[i]].kz_size;
1240 count = (long long unsigned)krequests[i];
1242 sbuf_printf(&sbuf, "%6d%28llu%11d\n", size,
1243 (unsigned long long)count, rsize);
1245 if ((rsize * count) > (size * count))
1246 waste += (rsize * count) - (size * count);
1247 mem += (rsize * count);
1250 "\nTotal memory used:\t%30llu\nTotal Memory wasted:\t%30llu\n",
1251 (unsigned long long)mem, (unsigned long long)waste);
1252 error = sbuf_finish(&sbuf);
1257 SYSCTL_OID(_kern, OID_AUTO, mprof, CTLTYPE_STRING|CTLFLAG_RD,
1258 NULL, 0, sysctl_kern_mprof, "A", "Malloc Profiling");
1259 #endif /* MALLOC_PROFILE */
projects / FreeBSD / FreeBSD.git / blob